Vuldb Updates

A vulnerability has been found in Tenda AX1803 1.0.0.1 and classified as critical. Affected by this issue is the function formGetIptv. The manipulation of the argument stbpvid leads to stack-based buffer overflow. This vulnerability is referenced as CVE-2023-51959. The attack needs to be initiated within the local network. No exploit is available.

A vulnerability was found in Tenda AX1803 1.0.0.1. It has been rated as critical. Impacted is the function setIptvInfo. Performing a manipulation of the argument mode results in stack-based buffer overflow. This vulnerability is cataloged as CVE-2023-51962. The attack must originate from the local network. There is no exploit available.

A vulnerability, which was classified as critical, has been found in Mitsubishi Electric CPU Module Logging Configuration Tool, CSGL, CW Configurator, Data Transfer, Data Transfer Classic, EZSocket, FR Configurator SW3, FR Configurator2, GENESIS64, GT Designer3, GT SoftGOT1000, GT SoftGOT2000, GX Developer, GX LogViewer, GX Works2, GX Works3, iQ Works, MI Configurator, Numerical Control Device Communication Software, MR Configurator, MR Configurator2, MRZJW3-MC2-UTL, MX Component, MX OPC Server DA UA, PX Developer Monitor Tool, RT ToolBox3, RT VisualBox, Monitoring tools for the C Controller Module, SW0DNC-MNETH-B, SW1DNC-CCBD2-B, SW1DNC-CCIEF-J, SW1DNC-CCIEF-B, SW1DNC-MNETG-B, SW1DNC-QSCCF-B and SW1DND-EMSDK-B. This affects an unknown function. This manipulation causes improper privilege management. The identification of this vulnerability is CVE-2023-51776. The attack can only be executed locally. There is no exploit available.

A vulnerability has been found in Mitsubishi Electric CPU Module Logging Configuration Tool, CSGL, CW Configurator, Data Transfer, Data Transfer Classic, EZSocket, FR Configurator SW3, FR Configurator2, GENESIS64, GT Designer3, GT SoftGOT1000, GT SoftGOT2000, GX Developer, GX LogViewer, GX Works2, GX Works3, iQ Works, MI Configurator, Numerical Control Device Communication Software, MR Configurator, MR Configurator2, MRZJW3-MC2-UTL, MX Component, MX OPC Server DA UA, PX Developer Monitor Tool, RT ToolBox3, RT VisualBox, Monitoring tools for the C Controller Module, SW0DNC-MNETH-B, SW1DNC-CCBD2-B, SW1DNC-CCIEF-J, SW1DNC-CCIEF-B, SW1DNC-MNETG-B, SW1DNC-QSCCF-B and SW1DND-EMSDK-B and classified as critical. Affected is an unknown function. Performing a manipulation results in out-of-bounds write. This vulnerability is identified as CVE-2023-51778. The attack is only possible with local access. There is not any exploit available.

A vulnerability categorized as problematic has been discovered in Wind River VxWorks 22.09/23.03. The impacted element is an unknown function of the component OpenSSL Handler. Such manipulation leads to memory leak. This vulnerability is listed as CVE-2023-51787. The attack must be carried out from within the local network. There is no available exploit.

A vulnerability has been found in EasyCMS up to 1.6 and classified as critical. The affected element is an unknown function of the file /RbacnodeAction.class.php of the component Request Parameter Handler. The manipulation of the argument _order leads to sql injection. This vulnerability is documented as CVE-2026-3785. The attack can be initiated remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in EasyCMS up to 1.6 and classified as critical. The impacted element is an unknown function of the file /RbacuserAction.class.php of the component Request Parameter Handler. The manipulation of the argument _order results in sql injection. This vulnerability is reported as CVE-2026-3786. The attack can be launched remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability categorized as critical has been discovered in UTT HiPER 810G up to 1.7.7-171114. This impacts the function strcpy of the file /goform/formRemoteControl. The manipulation results in buffer overflow. This vulnerability is cataloged as CVE-2026-3699. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability identified as critical has been detected in UTT HiPER 810G up to 1.7.7-171114. Affected is the function strcpy of the file /goform/formConfigDnsFilterGlobal. This manipulation causes buffer overflow. This vulnerability is registered as CVE-2026-3700. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability labeled as critical has been found in H3C Magic B1 up to 100R004. Affected by this vulnerability is the function Edit_BasicSSID_5G of the file /goform/aspForm. Such manipulation of the argument param leads to buffer overflow. This vulnerability is documented as CVE-2026-3701. The attack can be executed remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as critical has been found in Wavlink NU516U1 251208. This vulnerability affects the function sub_405B2C of the file /cgi-bin/firewall.cgi of the component Incomplete Fix CVE-2025-10959. The manipulation leads to command injection. This vulnerability is traded as CVE-2026-3704. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.

A vulnerability marked as problematic has been reported in SourceCodester Loan Management System 1.0. Affected by this issue is some unknown functionality of the file /index.php. Performing a manipulation of the argument page results in cross site scripting. This vulnerability is reported as CVE-2026-3702. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability described as critical has been identified in Wavlink NU516U1 251208. This affects the function sub_401A10 of the file /cgi-bin/login.cgi. Executing a manipulation of the argument ipaddr can lead to out-of-bounds write. This vulnerability appears as CVE-2026-3703. The attack may be performed from remote. In addition, an exploit is available. Upgrading the affected component is recommended. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.

A vulnerability classified as critical was found in code-projects Simple Flight Ticket Booking System 1.0. This issue affects some unknown processing of the file /Adminsearch.php. The manipulation of the argument flightno results in sql injection. This vulnerability is known as CVE-2026-3705. It is possible to launch the attack remotely. Furthermore, an exploit is available.

A vulnerability, which was classified as critical, was found in MrNanko webp4j up to 1.3.x. The affected element is the function DecodeGifFromMemory of the file src/main/c/gif_decoder.c. Such manipulation of the argument canvas_height leads to integer overflow. This vulnerability is uniquely identified as CVE-2026-3707. Local access is required to approach this attack. Moreover, an exploit is present. It is advisable to implement a patch to correct this issue.

A vulnerability has been found in code-projects Simple Flight Ticket Booking System 1.0 and classified as critical. The impacted element is an unknown function of the file /login.php. Performing a manipulation of the argument Username results in sql injection. This vulnerability was named CVE-2026-3708. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability was found in code-projects Simple Flight Ticket Booking System 1.0 and classified as critical. This affects an unknown function of the file /register.php. Executing a manipulation of the argument Username can lead to sql injection. The identification of this vulnerability is CVE-2026-3709. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in code-projects Simple Flight Ticket Booking System 1.0. It has been classified as critical. This impacts an unknown function of the file /Adminadd.php. The manipulation of the argument flightno/airplaneid/departure/dtime/arrival/atime/ec/ep/bc/bp leads to sql injection. This vulnerability is referenced as CVE-2026-3710. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability was found in code-projects Simple Flight Ticket Booking System 1.0. It has been declared as critical. Affected is an unknown function of the file /Adminupdate.php. The manipulation of the argument flightno/airplaneid/departure/dtime/arrival/atime/ec/ep/bc/bp results in sql injection. This vulnerability is identified as CVE-2026-3711. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability was found in pnggroup libpng up to 1.6.55. It has been rated as critical. Affected by this vulnerability is the function do_pnm2png of the file contrib/pngminus/pnm2png.c of the component pnm2png. This manipulation of the argument width/height causes heap-based buffer overflow. This vulnerability is tracked as CVE-2026-3713. The attack is restricted to local execution. Moreover, an exploit is present. The project was informed of the problem early through an issue report but has not responded yet.